phpPackages.composer: 2.6.6 -> 2.7.1
Diff: https://github.com/composer/composer/compare/2.6.6..2.7.1 Changelog: https://github.com/composer/composer/releases/tag/2.7.1 Fix CVE: CVE-2024-24821
parent
39502e7aa7
commit
cf9e77ef8e
3 changed files with 18 additions and 43 deletions
|
@ -83,28 +83,7 @@ composerInstallBuildHook() {
|
|||
|
||||
# Since this file cannot be generated in the composer-repository-hook.sh
|
||||
# because the file contains hardcoded nix store paths, we generate it here.
|
||||
composer-local-repo-plugin --no-ansi build-local-repo -m "${composerRepository}" .
|
||||
|
||||
# Remove all the repositories of type "composer" and "vcs"
|
||||
# from the composer.json file.
|
||||
jq -r -c 'del(try .repositories[] | select(.type == "composer" or .type == "vcs"))' composer.json | sponge composer.json
|
||||
|
||||
# Configure composer to disable packagist and avoid using the network.
|
||||
composer config repo.packagist false
|
||||
# Configure composer to use the local repository.
|
||||
composer config repo.composer composer file://"$PWD"/packages.json
|
||||
|
||||
# Since the composer.json file has been modified in the previous step, the
|
||||
# composer.lock file needs to be updated.
|
||||
composer \
|
||||
--lock \
|
||||
--no-ansi \
|
||||
--no-install \
|
||||
--no-interaction \
|
||||
${composerNoDev:+--no-dev} \
|
||||
${composerNoPlugins:+--no-plugins} \
|
||||
${composerNoScripts:+--no-scripts} \
|
||||
update
|
||||
composer-local-repo-plugin --no-ansi build-local-repo-lock -m "${composerRepository}" .
|
||||
|
||||
echo "Finished composerInstallBuildHook"
|
||||
}
|
||||
|
@ -151,9 +130,6 @@ composerInstallInstallHook() {
|
|||
${composerNoScripts:+--no-scripts} \
|
||||
install
|
||||
|
||||
# Remove packages.json, we don't need it in the store.
|
||||
rm packages.json
|
||||
|
||||
# Copy the relevant files only in the store.
|
||||
mkdir -p "$out"/share/php/"${pname}"
|
||||
cp -r . "$out"/share/php/"${pname}"/
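Review bot: In composerInstallBuildHook the explicit steps that kept the build offline (`composer config repo.packagist false` and the `jq` filter stripping `composer`/`vcs` repositories) appear to be dropped, judging by the hunk header counts, so the hook now relies entirely on `composer-local-repo-plugin --no-ansi build-local-repo-lock` to confine resolution to `${composerRepository}`. Nothing visible in the hook states that contract, and the surviving comment still refers to "this file" without naming it. Once the behaviour is confirmed against the plugin, I would replace that comment with something like `# build-local-repo-lock rewrites composer.json/composer.lock to resolve only from ${composerRepository}; no remote repository may remain afterwards.` The second hunk also drops `rm packages.json` ahead of `cp -r . "$out"/share/php/"${pname}"/`, so it is worth confirming the plugin no longer leaves that file in the working directory, otherwise it is copied into the store. Both function bodies extend outside the hunks shown.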
|
||||
|
|
|
@ -63,7 +63,7 @@ composerRepositoryBuildHook() {
|
|||
# Build the local composer repository
|
||||
# The command 'build-local-repo' is provided by the Composer plugin
|
||||
# nix-community/composer-local-repo-plugin.
|
||||
composer-local-repo-plugin --no-ansi build-local-repo ${composerNoDev:+--no-dev} -r repository
|
||||
composer-local-repo-plugin --no-ansi build-local-repo-lock ${composerNoDev:+--no-dev} -r repository
|
||||
|
||||
echo "Finished composerRepositoryBuildHook"
|
||||
}
|
||||
|
|
|
@ -1,11 +1,22 @@
|
|||
{ lib, callPackage, fetchFromGitHub, fetchpatch, php, unzip, _7zz, xz, git, curl, cacert, makeBinaryWrapper }:
|
||||
{ lib
|
||||
, callPackage
|
||||
, fetchFromGitHub
|
||||
, php
|
||||
, unzip
|
||||
, _7zz
|
||||
, xz
|
||||
, git
|
||||
, curl
|
||||
, cacert
|
||||
, makeBinaryWrapper
|
||||
}:
|
||||
|
||||
php.buildComposerProject (finalAttrs: {
|
||||
# Hash used by ../../../build-support/php/pkgs/composer-phar.nix to
|
||||
# use together with the version from this package to keep the
|
||||
# bootstrap phar file up-to-date together with the end user composer
|
||||
# package.
|
||||
passthru.pharHash = "sha256-cmACAcc8fEshjxwFEbNthTeWPjaq+iRHV/UjCfiFsxQ=";
|
||||
passthru.pharHash = "sha256-H/0L4/J+I3sa5H+ejyn5asf1CgvZ7vT4jNvpTdBL//A=";
|
||||
|
||||
composer = callPackage ../../../build-support/php/pkgs/composer-phar.nix {
|
||||
inherit (finalAttrs) version;
|
||||
|
@ -13,27 +24,15 @@ php.buildComposerProject (finalAttrs: {
|
|||
};
|
||||
|
||||
pname = "composer";
|
||||
version = "2.6.6";
|
||||
version = "2.7.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "composer";
|
||||
repo = "composer";
|
||||
rev = finalAttrs.version;
|
||||
hash = "sha256-KsTZi7dSlQcAxoen9rpofbptVdLYhK+bZeDSXQY7o5M=";
|
||||
hash = "sha256-OThWqY3m/pIas4qvR/kiYgc/2QrAbnsYEOxpHxKhDfM=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
(fetchpatch {
|
||||
name = "CVE-2024-24821.patch";
|
||||
url = "https://github.com/composer/composer/commit/77e3982918bc1d886843dc3d5e575e7e871b27b7.patch";
|
||||
hash = "sha256-Q7gkPLf59+p++DpfJZeOrAOiWePuGkdGYRaS/rK+Nv4=";
|
||||
excludes = [
|
||||
# Skipping test files, they are not included in the source tarball
|
||||
"tests/*"
|
||||
];
|
||||
})
|
||||
];
|
||||
|
||||
nativeBuildInputs = [ makeBinaryWrapper ];
|
||||
|
||||
postInstall = ''
|
||||
|
@ -41,7 +40,7 @@ php.buildComposerProject (finalAttrs: {
|
|||
--prefix PATH : ${lib.makeBinPath [ _7zz cacert curl git unzip xz ]}
|
||||
'';
|
||||
|
||||
vendorHash = "sha256-50M1yeAKl9KRsjs34cdb5ZTBFgbukgg0cMtHTYGJ/EM=";
|
||||
vendorHash = "sha256-NJa6nu60HQeBJr7dd79ATptjcekgY35Jq9V40SrN9Ds";
|
||||
|
||||
meta = {
|
||||
changelog = "https://github.com/composer/composer/releases/tag/${finalAttrs.version}";
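Review bot: The `vendorHash` value `sha256-NJa6nu60HQeBJr7dd79ATptjcekgY35Jq9V40SrN9Ds` has 43 base64 characters and no trailing `=`, unlike `pharHash`, the `src` hash and the other `vendorHash` line; I am taking the second of the two printed `vendorHash` lines as the new one. Nix has accepted unpadded SRI strings, but the padded form is canonical, and anything that compares or greps these integrity pins as text will treat the two spellings as different values. I would write it as `vendorHash = "sha256-NJa6nu60HQeBJr7dd79ATptjcekgY35Jq9V40SrN9Ds=";` so all three pins in this file use the same form.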
|
||||
|
|